Security Engineer/ISSO Support

3 weeks ago
Full-time
Senior
Cybersecurity
Simple Technology Solutions

Simple Technology Solutions specializes in Enterprise Cloud Transformation, providing innovative solutions to enhance organizational efficiency and scalability in the cloud computing sector.

IT Services
51-250
Founded 2013

Description

  • Serve as the primary point of contact and subject matter expert for security assessment and authorization activities.
  • Support the government team in completing the federal ATO process for new capabilities and the full SDLC.
  • Implement and maintain Zero Trust Architecture across the platform in line with federal mandates.
  • Ensure security controls are embedded across storage, IAM, network, and application layers.
  • Ensure compliance with FISMA, NIST 800-53, NIST 800-63, OWASP ASVS Level 2, and federal software supply chain requirements.
  • Engage privacy and security teams at the start of new service, feature, or dataset designs to assess classification, retention, and review needs.
  • Document data collection, usage, sharing, storage, retention, and breach notification requirements.
  • Integrate OWASP ZAP, SAST tools, container analysis tools, and dependency analysis into the CI/CD pipeline.
  • Conduct or oversee security scans at least once per sprint and document false positives.
  • Manage AWS IAM role configurations, Secrets Manager credentials, and certificate validity across environments.
  • Use CloudWatch, CloudTrail, and AWS Config to keep the production environment consistent, controllable, and auditable.
  • Collaborate with IV&V teams and agency security staff to improve security posture and resolve findings within required timelines.
  • Participate in 2-week sprint ceremonies, quarterly PI planning, and agile delivery using JIRA and GitHub.

Requirements

  • Must be a U.S. citizen.
  • Bachelor's degree or higher in Cybersecurity, Information Systems, Computer Science, or a related field.
  • Minimum of 6 years of position-related experience.
  • 6+ years of experience in federal information security with demonstrated ISSO or ATO-leadership experience at a civilian federal agency.
  • Financial regulatory agency experience is strongly preferred.
  • Deep working knowledge of FISMA, NIST 800-53, NIST 800-63, and the full federal ATO/SDLC process.
  • Hands-on experience implementing Zero Trust Architecture on AWS in a FedRAMP-authorized environment.
  • Experience with IAM hardening, network segmentation, and application-layer security controls.
  • Experience with OWASP ZAP, SAST/DAST tooling, dependency analysis, and container security scanning in CI/CD pipelines.
  • Familiarity with AWS security services including IAM, Secrets Manager, CloudWatch, CloudTrail, AWS Config, and S3 bucket policy and sensitivity classification management.
  • Experience conducting or supporting Privacy Impact Assessments (PIAs) and System of Records Notices (SORNs).
  • Knowledge of the Privacy Act of 1974, Federal Records Act, Section 508, the 21st Century IDEA Act, and related federal mandates.
  • Experience managing security for systems handling non-public, highly sensitive financial or regulatory data.
  • Strong written and verbal communication skills, including the ability to produce PIAs, ATO packages, and OWASP false positive documentation.
  • Experience in agile federal environments with sprint-based delivery, JIRA, and GitHub.
  • Must be able to work 8am-5pm Eastern Time regardless of home location.
  • Active federal public trust suitability determination, or the ability to obtain one, is required.

Benefits

  • Flexibility to support personal and professional thriving while working with federal government clients.
  • Recognized as a “Best Place to Work.”
  • Special incentives for team members living in qualified HUBZones.
  • Culture focused on collaboration, continuous learning, mentorship, and professional growth.
  • Equal employment opportunity and merit-based employment practices.
